Guomin,

Just one minor comment below.

Regards,
Jian

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guomin
> Jiang
> Sent: Thursday, July 09, 2020 9:57 AM
> To: devel@edk2.groups.io
> Cc: Michael Kubacki <michael.a.kuba...@intel.com>; Dong, Eric
> <eric.d...@intel.com>; Ni, Ray <ray...@intel.com>; Laszlo Ersek
> <ler...@redhat.com>; Kumar, Rahul1 <rahul1.ku...@intel.com>; De,
> Debkumar <debkumar...@intel.com>; Han, Harry <harry....@intel.com>;
> West, Catharine <catharine.w...@intel.com>
> Subject: [edk2-devel] [PATCH v5 4/9] UefiCpuPkg/SecMigrationPei: Add initial
> PEIM (CVE-2019-11098)
>
> From: Michael Kubacki <michael.a.kuba...@intel.com>
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
>
> Adds a PEIM that republishes structures produced in SEC. This
> is done because SEC modules may not be shadowed in some platforms
> due to space constraints or special alignment requirements. The
> SecMigrationPei module locates interfaces that may be published in
> SEC and reinstalls the interface with permanent memory addresses.
>
> This is important if pre-memory address access is forbidden after
> memory initialization and data such as a PPI descriptor, PPI GUID,
> or PPI interface reside in pre-memory.
>
> Cc: Eric Dong <eric.d...@intel.com>
> Cc: Ray Ni <ray...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Rahul Kumar <rahul1.ku...@intel.com>
> Cc: Debkumar De <debkumar...@intel.com>
> Cc: Harry Han <harry....@intel.com>
> Cc: Catharine West <catharine.w...@intel.com>
> Signed-off-by: Michael Kubacki <michael.a.kuba...@intel.com> > Acked-by: Laszlo Ersek <ler...@redhat.com> > --- > UefiCpuPkg/UefiCpuPkg.dec | 4 + > UefiCpuPkg/UefiCpuPkg.dsc | 1 + > UefiCpuPkg/SecCore/SecCore.inf | 2 + > .../SecMigrationPei/SecMigrationPei.inf | 67 +++ > UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ > UefiCpuPkg/SecCore/SecMain.h | 1 + > UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 154 +++++++ > UefiCpuPkg/SecCore/SecMain.c | 26 +- > UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 381 ++++++++++++++++++ > .../SecMigrationPei/SecMigrationPei.uni | 13 + > 10 files changed, 701 insertions(+), 2 deletions(-) > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > > diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec > index 762badf5d239..0a005bd20311 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec > @@ -66,6 +66,10 @@ [Guids] > ## Include/Guid/MicrocodePatchHob.h > gEdkiiMicrocodePatchHobGuid = { 0xd178f11d, 0x8716, 0x418e, { 0xa1, > 0x31, > 0x96, 0x7d, 0x2a, 0xc4, 0x28, 0x43 }} > > +[Ppis] > + ## Include/Ppi/RepublishSecPpi.h > + gRepublishSecPpiPpiGuid = { 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, > 0x52, > 0x1a, 0x2d, 0xc5, 0xd0, 0x92 }} > + Instead of adding a new [Ppis] section, you can add this PPI definition in the [Ppis] section already defined below. > [Protocols] > ## Include/Protocol/SmmCpuService.h > gEfiSmmCpuServiceProtocolGuid = { 0x1d202cab, 0xc8ab, 0x4d5c, { 0x94, > 0xf7, > 0x3c, 0xfc, 0xc0, 0xd3, 0xd3, 0x35 }} > diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc > index afa304128221..964720048dd7 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dsc > +++ b/UefiCpuPkg/UefiCpuPkg.dsc 
> @@ -146,6 +146,7 @@ [Components.IA32, Components.X64] > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf > UefiCpuPkg/SecCore/SecCore.inf > + UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf { > <Defines> > diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf > index 0562820c95e0..545781d6b4b3 100644 > --- a/UefiCpuPkg/SecCore/SecCore.inf > +++ b/UefiCpuPkg/SecCore/SecCore.inf > @@ -68,6 +68,8 @@ [Ppis] > ## SOMETIMES_CONSUMES > gPeiSecPerformancePpiGuid > gEfiPeiCoreFvLocationPpiGuid > + ## CONSUMES > + gRepublishSecPpiPpiGuid > > [Guids] > ## SOMETIMES_PRODUCES ## HOB > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > new file mode 100644 > index 000000000000..f4c2f6b658fb > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf 
> @@ -0,0 +1,67 @@ > +## @file > +# Migrates SEC structures after permanent memory is installed. > +# > +# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION = 0x00010005 > + BASE_NAME = SecMigrationPei > + MODULE_UNI_FILE = SecMigrationPei.uni > + FILE_GUID = 58B35361-8922-41BC-B313-EF7ED9ADFDF7 > + MODULE_TYPE = PEIM > + VERSION_STRING = 1.0 > + ENTRY_POINT = SecMigrationPeiInitialize > + > +# > +# The following information is for reference only and not required by the > build > tools. > +# > +# VALID_ARCHITECTURES = IA32 X64 EBC > +# > + > +[Sources] > + SecMigrationPei.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + UefiCpuPkg/UefiCpuPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + HobLib > + MemoryAllocationLib > + PeimEntryPoint > + PeiServicesLib > + PeiServicesTablePointerLib > + > +[Ppis] > + ## PRODUCES > + gRepublishSecPpiPpiGuid > + > + ## SOMETIMES_PRODUCES > + gEfiTemporaryRamDonePpiGuid > + > + ## SOMETIME_PRODUCES > + gEfiTemporaryRamSupportPpiGuid > + > + ## SOMETIMES_PRODUCES > + gPeiSecPerformancePpiGuid > + > + ## SOMETIMES_CONSUMES > + ## PRODUCES > + gEfiSecPlatformInformationPpiGuid > + > + ## SOMETIMES_CONSUMES > + ## SOMETIMES_PRODUCES > + gEfiSecPlatformInformation2PpiGuid > + > +[Pcd] > + > gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolum > es ## CONSUMES > + > +[Depex] > + TRUE > diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > new file mode 100644 > index 000000000000..ea865acbb5c8 > --- /dev/null > +++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h 
> @@ -0,0 +1,54 @@ > +/** @file > + This file declares Sec Platform Information PPI. > + > + This service is the primary handoff state into the PEI Foundation. > + The Security (SEC) component creates the early, transitory memory > + environment and also encapsulates knowledge of at least the > + location of the Boot Firmware Volume (BFV). > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Revision Reference: > + This PPI is introduced in PI Version 1.0. > + > +**/ > + > +#ifndef __REPUBLISH_SEC_PPI_H__ > +#define __REPUBLISH_SEC_PPI_H__ > + > +#include <Pi/PiPeiCis.h> > + > +#define REPUBLISH_SEC_PPI_PPI_GUID \ > + { \ > + 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, > 0x92 } \ > + } > + > +typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI; > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memory > PEIM. > + > + This is to allow a platform that may not support relocation of SecCore to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfully. > + @retval Others An error occurred re-installing the SecCore PPIs. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)( > + VOID > + ); > + > +/// > +/// Republish SEC PPIs > +/// > +struct _REPUBLISH_SEC_PPI_PPI { > + REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS RepublishSecPpis; > +}; > + > +extern EFI_GUID gRepublishSecPpiPpiGuid; > + > +#endif > diff --git a/UefiCpuPkg/SecCore/SecMain.h b/UefiCpuPkg/SecCore/SecMain.h > index e8c05d713668..e20bcf86532c 100644 > --- a/UefiCpuPkg/SecCore/SecMain.h > +++ b/UefiCpuPkg/SecCore/SecMain.h 
> @@ -15,6 +15,7 @@ > #include <Ppi/TemporaryRamDone.h> > #include <Ppi/SecPerformance.h> > #include <Ppi/PeiCoreFvLocation.h> > +#include <Ppi/RepublishSecPpi.h> > > #include <Guid/FirmwarePerformance.h> > > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > new file mode 100644 > index 000000000000..414672a5afe6 > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h 
> @@ -0,0 +1,154 @@ > +/** @file > + Migrates SEC structures after permanent memory is installed. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __SEC_MIGRATION_H__ > +#define __SEC_MIGRATION_H__ > + > +#include <Base.h> > + > +#include <Pi/PiPeiCis.h> > +#include <Ppi/RepublishSecPpi.h> > +#include <Ppi/SecPerformance.h> > +#include <Ppi/SecPlatformInformation.h> > +#include <Ppi/SecPlatformInformation2.h> > +#include <Ppi/TemporaryRamDone.h> > +#include <Ppi/TemporaryRamSupport.h> > + > +/** > + This interface conveys state information out of the Security (SEC) phase > into > PEI. > + > + @param[in] PeiServices Pointer to the PEI Services Table. > + @param[in,out] StructureSize Pointer to the variable > describing size of > the input buffer. > + @param[out] PlatformInformationRecord Pointer to the > EFI_SEC_PLATFORM_INFORMATION_RECORD. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_BUFFER_TOO_SMALL The buffer was too small. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN OUT UINT64 *StructureSize, > + OUT EFI_SEC_PLATFORM_INFORMATION_RECORD > *PlatformInformationRecord > + ); > + > +/** > + Re-installs the SEC Platform Information PPIs to implementation in this > module to support post-memory. > + > + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES > table > published by the PEI Foundation. > + @param[in] NotifyDescriptor Address of the notification descriptor data > structure. > + @param[in] Ppi Address of the PPI that was installed. > + > + @retval EFI_SUCCESS The SEC Platform Information PPI could not be > re- > installed. > + @return Others An error occurred during PPI re-install. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPpiNotifyCallback ( > + IN EFI_PEI_SERVICES **PeiServices, > + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, > + IN VOID *Ppi > + ); > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memory > PEIM. > + > + This is to allow a platform that may not support relocation of SecCore to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfully. > + @retval Others An error occurred re-installing the SecCore PPIs. > + > +**/ > +EFI_STATUS > +EFIAPI > +RepublishSecPpis ( > + VOID > + ); > + > +/** > + Disables the use of Temporary RAM. > + > + If present, this service is invoked by the PEI Foundation after > + the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed. > + > + @retval EFI_SUCCESS Use of Temporary RAM was disabled. > + @retval EFI_INVALID_PARAMETER Temporary RAM could not be disabled. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamDonePostMemory ( > + VOID > + ); > + > +/** > + This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates > temporary RAM into > + permanent memory. > + > + @param PeiServices Pointer to the PEI Services Table. > + @param TemporaryMemoryBase Source Address in temporary memory > from which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param PermanentMemoryBase Destination Address in permanent memory > into which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param CopySize Amount of memory to migrate from temporary to > permanent memory. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > > TemporaryMemoryBase when > + TemporaryMemoryBase > PermanentMemoryBase. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamSupportPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase, > + IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase, > + IN UINTN CopySize > + ); > + > +/** > + This interface conveys performance information out of the Security (SEC) > phase into PEI. > + > + This service is published by the SEC phase. The SEC phase handoff has an > optional > + EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is passed > from SEC into the > + PEI Foundation. As such, if the platform supports collecting performance > data > in SEC, > + this information is encapsulated into the data structure abstracted by this > service. > + This information is collected for the boot-strap processor (BSP) on IA-32. > + > + @param[in] PeiServices The pointer to the PEI Services Table. > + @param[in] This The pointer to this instance of the > PEI_SEC_PERFORMANCE_PPI. > + @param[out] Performance The pointer to performance data collected in SEC > phase. > + > + @retval EFI_SUCCESS The performance data was successfully returned. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetPerformancePostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN PEI_SEC_PERFORMANCE_PPI *This, > + OUT FIRMWARE_SEC_PERFORMANCE *Performance > + ); > + > +typedef struct { > + UINT64 StructureSize; > + EFI_SEC_PLATFORM_INFORMATION_RECORD *PlatformInformationRecord; > +} SEC_PLATFORM_INFORMATION_CONTEXT; > + > +typedef struct { > + EFI_HOB_GUID_TYPE Header; > + UINT8 Revision; > + UINT8 Reserved[3]; > + FIRMWARE_SEC_PERFORMANCE FirmwareSecPerformance; > + SEC_PLATFORM_INFORMATION_CONTEXT Context; > +} SEC_PLATFORM_INFORMATION_CONTEXT_HOB; > + > +#endif > diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c > index 5d5e7f17dced..155be49a6011 100644 > --- a/UefiCpuPkg/SecCore/SecMain.c > +++ b/UefiCpuPkg/SecCore/SecMain.c 
> @@ -370,13 +370,35 @@ SecTemporaryRamDone ( > VOID > ) > { > - BOOLEAN State; > + EFI_STATUS Status; > + EFI_STATUS Status2; > + UINTN Index; > + BOOLEAN State; > + EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor; > + REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi; > > // > // Republish Sec Platform Information(2) PPI > // > RepublishSecPlatformInformationPpi (); > > + // > + // Re-install SEC PPIs using a PEIM produced service if published > + // > + for (Index = 0, Status = EFI_SUCCESS; Status == EFI_SUCCESS; Index++) { > + Status = PeiServicesLocatePpi ( > + &gRepublishSecPpiPpiGuid, > + Index, > + &PeiPpiDescriptor, > + (VOID **) &RepublishSecPpiPpi > + ); > + if (!EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Index)); > + Status2 = RepublishSecPpiPpi->RepublishSecPpis (); > + ASSERT_EFI_ERROR (Status2); > + } > + } > + > // > // Migrate DebugAgentContext. > // > @@ -385,7 +407,7 @@ SecTemporaryRamDone ( > // > // Disable interrupts and save current interrupt state > // > - State = SaveAndDisableInterrupts(); > + State = SaveAndDisableInterrupts (); > > // > // Disable Temporary RAM after Stack and Heap have been migrated at this > point. > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > new file mode 100644 > index 000000000000..a62d50bcbb0d > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c 
> @@ -0,0 +1,381 @@ > +/** @file > + Migrates SEC structures after permanent memory is installed. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include <Base.h> > + > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/HobLib.h> > +#include <Library/MemoryAllocationLib.h> > +#include <Library/PeiServicesLib.h> > +#include <Library/PeiServicesTablePointerLib.h> > + > +#include "SecMigrationPei.h" > + > +STATIC REPUBLISH_SEC_PPI_PPI mEdkiiRepublishSecPpiPpi = { > + RepublishSecPpis > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED > EFI_SEC_PLATFORM_INFORMATION_PPI > mSecPlatformInformationPostMemoryPpi = { > + > SecPlatformInformationPostMemory > + }; > + > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_TEMPORARY_RAM_DONE_PPI > mSecTemporaryRamDonePostMemoryPpi = { > + > SecTemporaryRamDonePostMemory > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED > EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI > mSecTemporaryRamSupportPostMemoryPpi = { > + > SecTemporaryRamSupportPostMemory > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED PEI_SEC_PERFORMANCE_PPI > mSecPerformancePpi = { > + > GetPerformancePostMemory > + }; > + > +STATIC EFI_PEI_PPI_DESCRIPTOR mEdkiiRepublishSecPpiDescriptor = { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gRepublishSecPpiPpiGuid, > + &mEdkiiRepublishSecPpiPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecPlatformInformationPostMemoryDescriptor = { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiSecPlatformInformationPpiGuid, > + &mSecPlatformInformationPostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecTemporaryRamDonePostMemoryDescriptor = { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiTemporaryRamDonePpiGuid, > + &mSecTemporaryRamDonePostMemoryPpi 
> + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecTemporaryRamSupportPostMemoryDescriptor = { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiTemporaryRamSupportPpiGuid, > + &mSecTemporaryRamSupportPostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecPerformancePpiDescriptor = { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gPeiSecPerformancePpiGuid, > + &mSecPerformancePpi > + }; > + > +/** > + Disables the use of Temporary RAM. > + > + If present, this service is invoked by the PEI Foundation after > + the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed. > + > + @retval EFI_SUCCESS Use of Temporary RAM was disabled. > + @retval EFI_INVALID_PARAMETER Temporary RAM could not be disabled. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamDonePostMemory ( > + VOID > + ) > +{ > + // > + // Temporary RAM Done is already done in post-memory > + // install a stub function that is located in permanent memory > + // > + return EFI_SUCCESS; > +} > + > +/** > + This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates > temporary RAM into > + permanent memory. > + > + @param PeiServices Pointer to the PEI Services Table. > + @param TemporaryMemoryBase Source Address in temporary memory > from which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param PermanentMemoryBase Destination Address in permanent memory > into which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param CopySize Amount of memory to migrate from temporary to > permanent memory. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > > TemporaryMemoryBase when > + TemporaryMemoryBase > PermanentMemoryBase. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamSupportPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase, > + IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase, > + IN UINTN CopySize > + ) > +{ > + // > + // Temporary RAM Support is already done in post-memory > + // install a stub function that is located in permanent memory > + // > + return EFI_SUCCESS; > +} > + > +/** > + This interface conveys performance information out of the Security (SEC) > phase into PEI. > + > + This service is published by the SEC phase. The SEC phase handoff has an > optional > + EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is passed > from SEC into the > + PEI Foundation. As such, if the platform supports collecting performance > data > in SEC, > + this information is encapsulated into the data structure abstracted by this > service. > + This information is collected for the boot-strap processor (BSP) on IA-32. > + > + @param[in] PeiServices The pointer to the PEI Services Table. > + @param[in] This The pointer to this instance of the > PEI_SEC_PERFORMANCE_PPI. > + @param[out] Performance The pointer to performance data collected in SEC > phase. > + > + @retval EFI_SUCCESS The performance data was successfully returned. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +GetPerformancePostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN PEI_SEC_PERFORMANCE_PPI *This, > + OUT FIRMWARE_SEC_PERFORMANCE *Performance > + ) > +{ > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContexHob; > + > + if (This == NULL || Performance == NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + SecPlatformInformationContexHob = GetFirstGuidHob (&gEfiCallerIdGuid); > + if (SecPlatformInformationContexHob == NULL) { > + return EFI_NOT_FOUND; > + } > + > + Performance->ResetEnd = SecPlatformInformationContexHob- > >FirmwareSecPerformance.ResetEnd; > + > + return EFI_SUCCESS; > +} > + > +/** > + This interface conveys state information out of the Security (SEC) phase > into > PEI. > + > + @param[in] PeiServices Pointer to the PEI Services Table. > + @param[in,out] StructureSize Pointer to the variable > describing size of > the input buffer. > + @param[out] PlatformInformationRecord Pointer to the > EFI_SEC_PLATFORM_INFORMATION_RECORD. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_BUFFER_TOO_SMALL The buffer was too small. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN OUT UINT64 *StructureSize, > + OUT EFI_SEC_PLATFORM_INFORMATION_RECORD > *PlatformInformationRecord > + ) > +{ > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContexHob; > + > + if (StructureSize == NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + SecPlatformInformationContexHob = GetFirstGuidHob (&gEfiCallerIdGuid); > + if (SecPlatformInformationContexHob == NULL) { > + return EFI_NOT_FOUND; > + } > + > + if (*StructureSize < SecPlatformInformationContexHob- > >Context.StructureSize) { > + *StructureSize = SecPlatformInformationContexHob->Context.StructureSize; > + return EFI_BUFFER_TOO_SMALL; > + } > + > + if (PlatformInformationRecord == NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + *StructureSize = SecPlatformInformationContexHob->Context.StructureSize; > + CopyMem ( > + (VOID *) PlatformInformationRecord, > + (VOID *) SecPlatformInformationContexHob- > >Context.PlatformInformationRecord, > + (UINTN) SecPlatformInformationContexHob->Context.StructureSize > + ); > + > + return EFI_SUCCESS; > +} > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memory > PEIM. > + > + This is to allow a platform that may not support relocation of SecCore to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfully. > + @retval Others An error occurred re-installing the SecCore PPIs. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +RepublishSecPpis ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor; > + VOID *PeiPpi; > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContextHob; > + EFI_SEC_PLATFORM_INFORMATION_RECORD *SecPlatformInformationPtr; > + UINT64 SecStructureSize; > + > + SecPlatformInformationPtr = NULL; > + SecStructureSize = 0; > + > + Status = PeiServicesLocatePpi ( > + &gEfiTemporaryRamDonePpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status = PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecTemporaryRamDonePostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + Status = PeiServicesLocatePpi ( > + &gEfiTemporaryRamSupportPpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status = PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecTemporaryRamSupportPostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + Status = PeiServicesCreateHob ( > + EFI_HOB_TYPE_GUID_EXTENSION, > + sizeof (SEC_PLATFORM_INFORMATION_CONTEXT_HOB), > + (VOID **) &SecPlatformInformationContextHob > + ); > + ASSERT_EFI_ERROR (Status); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "SecPlatformInformation Context HOB could not > be created.\n")); > + return Status; > + } > + > + SecPlatformInformationContextHob->Header.Name = gEfiCallerIdGuid; > + SecPlatformInformationContextHob->Revision = 1; > + > + Status = PeiServicesLocatePpi ( > + &gPeiSecPerformancePpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status = ((PEI_SEC_PERFORMANCE_PPI *) PeiPpi)->GetPerformance ( > + > GetPeiServicesTablePointer (), > + > (PEI_SEC_PERFORMANCE_PPI *) PeiPpi, > + > &SecPlatformInformationContextHob- > >FirmwareSecPerformance > + ); > + ASSERT_EFI_ERROR (Status); > + if (!EFI_ERROR (Status)) { > + Status = 
PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecPerformancePpiDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + } > + > + Status = PeiServicesLocatePpi ( > + &gEfiSecPlatformInformationPpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status = ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)- > >PlatformInformation ( > + > GetPeiServicesTablePointer (), > + > &SecStructureSize, > + > SecPlatformInformationPtr > + ); > + ASSERT (Status == EFI_BUFFER_TOO_SMALL); > + if (Status != EFI_BUFFER_TOO_SMALL) { > + return EFI_NOT_FOUND; > + } > + > + ZeroMem ((VOID *) &(SecPlatformInformationContextHob->Context), sizeof > (SEC_PLATFORM_INFORMATION_CONTEXT)); > + SecPlatformInformationContextHob->Context.PlatformInformationRecord = > AllocatePool ((UINTN) SecStructureSize); > + ASSERT (SecPlatformInformationContextHob- > >Context.PlatformInformationRecord != NULL); > + if (SecPlatformInformationContextHob- > >Context.PlatformInformationRecord == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + SecPlatformInformationContextHob->Context.StructureSize = > SecStructureSize; > + > + Status = ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)- > >PlatformInformation ( > + > GetPeiServicesTablePointer (), > + > &(SecPlatformInformationContextHob- > >Context.StructureSize), > + > SecPlatformInformationContextHob- > >Context.PlatformInformationRecord > + ); > + ASSERT_EFI_ERROR (Status); > + if (!EFI_ERROR (Status)) { > + Status = PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecPlatformInformationPostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + This function is the entry point which installs an instance of > REPUBLISH_SEC_PPI_PPI. > + > + It install the RepublishSecPpi depent on > PcdMigrateTemporaryRamFirmwareVolumes, install > + the PPI when the PcdMigrateTemporaryRamFirmwareVolumes enabled. 
> + > + @param[in] FileHandle Pointer to image file handle. > + @param[in] PeiServices Pointer to PEI Services Table > + > + @retval EFI_ABORTED Disable evacuate temporary memory feature by > disable > + PcdMigrateTemporaryRamFirmwareVolumes. > + EFI_SUCCESS An instance of REPUBLISH_SEC_PPI_PPI was installed > successfully. > + @retval Others An error occurred installing and instance of > REPUBLISH_SEC_PPI_PPI. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecMigrationPeiInitialize ( > + IN EFI_PEI_FILE_HANDLE FileHandle, > + IN CONST EFI_PEI_SERVICES **PeiServices > + ) > +{ > + EFI_STATUS Status; > + > + Status = EFI_ABORTED; > + > + if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { > + Status = PeiServicesInstallPpi (&mEdkiiRepublishSecPpiDescriptor); > + ASSERT_EFI_ERROR (Status); > + } > + > + return Status; > +} > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > new file mode 100644 > index 000000000000..62c2064ba217 > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > @@ -0,0 +1,13 @@ > +// /** @file > +// Migrates SEC structures after permanent memory is installed. > +// > +// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Migrates SEC structures > after permanent memory is installed" > + > +#string STR_MODULE_DESCRIPTION #language en-US "Migrates SEC > structures after permanent memory is installed." > + > -- > 2.25.1.windows.1
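
Review bot: In the UefiCpuPkg/SecCore/SecCore.inf hunk, gRepublishSecPpiPpiGuid is tagged "## CONSUMES", but SecMain.c calls the PPI only "if published" and SecMigrationPei installs it only when PcdMigrateTemporaryRamFirmwareVolumes is TRUE. The usage should be "## SOMETIMES_CONSUMES", which would also let it sit under the existing SOMETIMES_CONSUMES comment with gPeiSecPerformancePpiGuid instead of needing its own.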
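
Review bot: In the new UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf, the usage comment above gEfiTemporaryRamSupportPpiGuid is misspelled as "## SOMETIME_PRODUCES"; every other entry in the [Ppis] section uses "## SOMETIMES_PRODUCES", so fix it to match. The header of this file (and of SecMigrationPei.uni) also says "Copyright (c) 2019" while the .c and .h files added by the same patch say 2020; pick one year for the new module.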
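
Review bot: The @file comment at the top of the new UefiCpuPkg/Include/Ppi/RepublishSecPpi.h documents a different PPI: it says "This file declares Sec Platform Information PPI", describes the SEC-to-PEI handoff state, and claims "This PPI is introduced in PI Version 1.0". None of that applies to REPUBLISH_SEC_PPI_PPI, which this patch introduces under gRepublishSecPpiPpiGuid. Replace the block with a description of the republish service (the text already written above the REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS typedef is a good basis) and drop the PI revision reference.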
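
Review bot: In the new UefiCpuPkg/SecMigrationPei/SecMigrationPei.h, the comment for SecPlatformInformationPpiNotifyCallback documents "@retval EFI_SUCCESS The SEC Platform Information PPI could not be re-installed", which describes a failure under the success code; it should read "was re-installed successfully". More importantly, SecMigrationPei.c in this patch defines no function of that name and nothing references it, so the prototype is dead and should be removed, or the callback should be added if a notify path was intended.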
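
Review bot: In the SecTemporaryRamDone() hunk of UefiCpuPkg/SecCore/SecMain.c, the result of RepublishSecPpiPpi->RepublishSecPpis () is checked only with ASSERT_EFI_ERROR (Status2). When asserts are compiled out, a failed republish is silently ignored and the function continues on to "Disable Temporary RAM", leaving SEC-published PPIs that may still point at pre-memory addresses, which is the condition this series is meant to remove. Handle the error explicitly: at least report it with DEBUG_ERROR, and decide whether boot may continue. Separately, Index is a UINTN but is printed with "%d" in the DEBUG_INFO message; cast it or use a matching format.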
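
Review bot: In the new UefiCpuPkg/SecMigrationPei/SecMigrationPei.c, RepublishSecPpis () ends with an unconditional "return EFI_SUCCESS;" even though every PeiServicesReInstallPpi (), GetPerformance () and second PlatformInformation () call above it is guarded only by ASSERT_EFI_ERROR. With asserts compiled out the caller in SecCore is told the republish succeeded while a descriptor may still reference temporary RAM. Keep track of the first failing Status and return it. The two early returns (EFI_NOT_FOUND, EFI_OUT_OF_RESOURCES) also happen after the context HOB has been created and after some PPIs have already been re-installed, so the function header should state that a failure can leave the republish partially done. Minor: in the SecMigrationPeiInitialize comment the EFI_SUCCESS line is missing its "@retval" tag, "depent" should be "dependent", and "installing and instance" should be "installing an instance".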